Corporate information security is crucial for generating continuous business value in the modern world. Information security audits remain a critical component of achieving corporate security. This book presents a security audit methodology that conforms to the new security standard ISO 27001. Detailed sections illustrate how to conduct a nominal security audit that conforms with the ISO 17799 standard and a technical security audit for certification against the ISO 27001. Along with case studies that demonstrate implementation, the text provides a detailed methodology that explains how to devise a risk-driven security program as well as an effective information security management system.